New Terms:

Networking stack: the networking stack is the set of system services running in your computer or server that allow it to talk to other computers and services. It consists of several layers, but the most important one most developers need to be aware of is the application layer, which is the highest level of network protocols that includes things like HTTP.

0:00

[MUSIC]

0:04

Welcome I'm Alena,
a teacher here at Treehouse.

0:08

Whatever your language of choice,
PHP, .NET, JavaScript,

0:12

Python, Java or any other language,
security is for everyone.

0:18

In this course, we're going to learn about
some of the most important web security

0:22

fundamentals, including HTTPS,
authentication and

0:27

authorization, patch management,
and compliance.

0:31

Each of these topics is a focus
in the field of web security.

0:35

Which falls beneath the larger
umbrella of security in general.

0:39

Security in general, however,
can be applied to nearly any technology.

0:44

As shown here, security ranges up and
down the modern networking stack.

0:49

When we think of security, we may think
of protecting the physical 1s and

0:53

0s running across the cable,
which would be a very low level.

0:57

Or, we may think of protecting
our web applications

1:00

from bad people intercepting traffic,
which would be at the application level.

1:07

Regardless, it's important to realize
that security is a very broad topic.

1:12

We'll only be diving into the parts of
security that lie in the web protocols

1:17

at the application layer
of most networking stacks.

1:21

Web security concerns
the security of websites,

1:24

applications, APIs and
services in general.

1:28

It covers a wide range of
topics from writing secure code

1:32

to protecting your applications
once they're deployed.

1:36

On the modern web,
security varies widely from site to site.

1:40

Our goal is to teach you the basics.

1:42

And insure that you have the ability
to explore more advance concepts

1:47

that will allow you to secure your sites,
APIs, services, and

1:52

applications against malicious entities.

1:55

Without building and maintaining secure
applications, your users are at risk, and

2:00

your company's assets maybe vulnerable.

2:03

Within nearly every
competent organization,

2:06

someone should be responsible for
security.

2:09

And at least every developer
should know the basics.

2:13

As developers, we should be aware
of the potential vulnerabilities

2:17

introduced into the code base with
each feature and every bug fix.

2:22

No matter what your job at your company,
organization, or even side project,

2:27

you should have security in mind when
you deploy your web applications.

2:31

Especially if you have
users you wish to protect.

2:35

By working together and putting security
first, we can all reduce the impact